In this day and age, due to the proliferation of computer software viruses, including spyware and other malicious types of code, Information Technology (IT) security has become far more complex than preventing just e-mail spam. With the recent and frequent outbreaks of phishing, pharming and spyware attacks, the setting up of various forms of network system defenses is becoming mandatory. These defenses include anti-virus software, anti-spam software, firewalls (both software and hardware), defenses against Denial-of-Service (DOS) attacks, anti-phishing technology, etc. As new types of threats are identified, new defenses are created and implemented. These include implementing products available from Symantec Corporation of Cupertino, Calif.
Historically, for each threat there was a corresponding defense. Over the years, however, this has led to a “jumble” of separate programs or appliances that are necessarily deployed on a system. Having multiple defense systems leads to complexity and redundancy as there is an overlap of security features.
Initially, firewalls were provided to defend a network against hackers. As viruses became more prevalent, an Anti Virus Gateway was provided to scan for viruses, then web content filtering, and then spam filtering. As a result, multiple devices that were costly to administer and consumed valuable rack space began appearing in IT administrators' data centers.
Enterprise firewalls became more robust due to the hardware on which the application is installed and, thus, it was easy to add “off box” functions right into the firewall. Firewalls became “Firewall Appliances.” IT administrators would rather administer a Firewall Appliance that integrates Anti Virus, Content Filtering, Intrusion Detection and Spam Filtering, than administer multiple systems that perform these functions.
Unified Threat Management (UTM) is the name given to this trend in the firewall appliance security market. A UTM appliance consolidates a wide variety of gateway security functions into one box in contrast to the traditional solution of having different security functions on dedicated appliances. A UTM appliance not only guards against intrusion but performs content filtering, spam filtering, intrusion detection and anti virus duties.
UTM appliances have several benefits including operating multiple defenses through a single administrative interface without the burden of running multiple servers. In addition, only one vendor need be dealt with if adjustments, such as upgrading, are needed. A UTM appliance may offer a lower cost of ownership than traditional solutions.
There are, however, disadvantages to the approaches taken in the development and implementation of known UTM appliances.